[英]Why the password is not hashed?
I'm using Argon2 to hash my password, this is my code:我正在使用 Argon2 到 hash 我的密码,这是我的代码:
import { ForbiddenException, Injectable } from '@nestjs/common';
import { PrismaService } from 'src/prisma/prisma.service';
import { AuthDto } from './dto';
import * as argon from 'argon2';
async signup(authDto: AuthDto) {
// generate the password
const hash = await argon.hash(authDto.password);
console.log(`The hashed password is ${authDto.password}`);
// save the new user in the db
try {
const user = await this.prisma.user.create({
data: {
email: authDto.email,
hash: authDto.password,
firstname: '',
lastname: '',
},
});
//delete user.hash;
// return the saved user
return user;
} catch (error) {
// test if the error is commimg from prisma
if (error instanceof PrismaClientKnownRequestError) {
// test if the field is duplicated
if (error.code === 'P2002') {
throw new ForbiddenException('Credentials taken'); //NestJS exception
}
}
throw error;
}
}
When I print my hashed password, I find it not hashed.当我打印我的散列密码时,我发现它没有散列。
PS: I'm using NestJS as nodeJS backend framework, and Manjaro Linux as OS, Argon2 as hash library. PS:我使用 NestJS 作为 nodeJS 后端框架,Manjaro Linux 作为操作系统,Argon2 作为 hash 库。
After hashing the password you are still using the plaintext password for logging and storing it into the prisma db.对密码进行哈希处理后,您仍然使用明文密码进行登录并将其存储到 prisma db 中。 The variable
hash
contains the hashed password.变量
hash
包含哈希密码。
Change the code to use the hash
instead of authDto.password
.更改代码以使用
hash
而不是authDto.password
。
const hash = await argon.hash(authDto.password);
console.log(`The hashed password is ${hash}`);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.